[ https://issues.apache.org/jira/browse/ISIS-2300?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17049383#comment-17049383 ]

ASF subversion and git services commented on ISIS-2300:
-------------------------------------------------------

Commit 27cb799ab105747fb5b1b9e375ad06c8abdd74af in isis's branch refs/heads/master from Andi Huber
[ https://gitbox.apache.org/repos/asf?p=isis.git;h=27cb799 ]

ISIS-2300: bump org.apache.commons:commons-email 1.4 -> 1.5

> Some CVEs in dependencies are threatening your project!
> -------------------------------------------------------
>
> Key: ISIS-2300
> URL: https://issues.apache.org/jira/browse/ISIS-2300
> Project: Isis
> Issue Type: Dependency upgrade
> Reporter: XuCongying
> Assignee: Andi Huber
> Priority: Major
> Fix For: 2.0.0-M3
>
>
> Hi, I noticed that your project is using vulnerable libraries which are
> related to some CVEs. To prevent potential risk it may cause, I suggest a
> library update. Please look into the details below.
>
> Vulnerable Library Version: org.springframework : spring-web : 5.2.2.RELEASE
> CVE ID:
> [CVE-2020-5397](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5397),
> [CVE-2020-5398](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5398)
> Import Path: core/webapp/pom.xml, viewers/wicket/viewer/pom.xml
> Suggested Safe Versions: 5.2.3.RELEASE
>
> Vulnerable Library Version: org.apache.commons : commons-email : 1.4
> CVE ID:
> [CVE-2018-1294](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1294),
> [CVE-2017-9801](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9801)
> Import Path: core/runtime/pom.xml
> Suggested Safe Versions: 1.5

--
This message was sent by Atlassian Jira
(v8.3.4#803005)